Daily NCSC-FI news followup 2021-02-24

Vulnerabilities in VMware products: update immediately

www.kyberturvallisuuskeskus.fi/fi/haavoittuvuuksia-vmwaren-tuotteissa-paivita-heti VMware has released updates that should be installed immediately. The vulnerabilities allow, for example, remote command execution and arbitrary code execution. The critical vulnerability CVE-2021-21972 affects the VMware vCenter Server management platform and allows remote command execution. The published serious vulnerability CVE-2021-21974 concerns a buffer overflow in ESXi OpenSLP.

Google funds Linux maintainers to boost Linux kernel security

www.bleepingcomputer.com/news/security/google-funds-linux-maintainers-to-boost-linux-kernel-security/ Together with the Linux Foundation, Google announced today that they would fund two Linux kernel developers’ efforts as full-time maintainers exclusively focused on improving Linux security.

CISA Releases Joint Cybersecurity Advisory on Exploitation of Accellion File Transfer Appliance

us-cert.cisa.gov/ncas/current-activity/2021/02/24/cisa-releases-joint-cybersecurity-advisory-exploitation-accellion The cybersecurity authorities of Australia, New Zealand, Singapore, the United Kingdom, and the United States have released Joint Cybersecurity Advisory AA21-055A: Exploitation of Accellion File Transfer Appliance.

LazyScripter: From Empire to double RAT

blog.malwarebytes.com/malwarebytes-news/2021/02/lazyscripter-from-empire-to-double-rat/ Malwarebytes’ Threat Intelligence analysts are continually researching and monitoring active malware campaigns and actor groups as the prevalence and sophistication of targeted attacks rapidly evolves. In this paper, we introduce a new APT group we have named LazyScripter, presenting in-depth analysis of the tactics, techniques, procedures, and infrastructure employed by this actor group. Also:

www.bleepingcomputer.com/news/security/lazyscripter-hackers-target-airlines-with-remote-access-trojans/ Also:

resources.malwarebytes.com/files/2021/02/LazyScripter.pdf

NASA and the FAA were also breached by the SolarWinds hackers

www.bleepingcomputer.com/news/security/nasa-and-the-faa-were-also-breached-by-the-solarwinds-hackers/ NASA and the US Federal Aviation Administration (FAA) have also been compromised by the nation-state hackers behind the SolarWinds supply-chain attack, according to a Washington Post report. The two attacks are part of a broader espionage effort targeting and compromising multiple US government agencies over the last year.

Hackers Tied to Russia’s GRU Targeted the US Grid for Years, Researchers Warn

www.wired.com/story/russia-gru-hackers-us-grid/ A Sandworm-adjacent group has successfully breached US critical infrastructure a handful of times, according to new findings from the security firm Dragos. On Wednesday, industrial cybersecurity firm Dragos published its annual report on the state of industrial control systems security, which names four new foreign hacker groups focused on those critical infrastructure systems. Three of those newly named groups have targeted industrial control systems in the US, according to Dragos.

Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique

thehackernews.com/2021/02/online-trackers-increasingly-switching.html With browser makers steadily clamping down on third-party tracking, advertising technology companies are increasingly embracing a DNS technique to evade such defenses, thereby posing a threat to web security and privacy.

Heavily used Node.js package has a code injection vulnerability

www.bleepingcomputer.com/news/security/heavily-used-nodejs-package-has-a-code-injection-vulnerability/ A heavily downloaded Node.js library has a high severity command injection vulnerability revealed this month. Tracked as CVE-2021-21315, the bug impacts the “systeminformation” npm component which gets about 800,000 weekly downloads and has scored close to 34 million downloads to date since its inception.

Vietnamese Activists Targeted by Notorious Hacking Group

www.amnestyusa.org/reports/vietnamese-activists-targeted-by-notorious-hacking-group/ Hacking group Ocean Lotus, which has been suspected of having links with the Vietnamese government, is behind a sustained campaign of spyware attacks on the country’s human rights activists, a new investigation by Amnesty Tech reveals, underscoring an intensifying assault on freedom of expression. Also:

www.bleepingcomputer.com/news/security/apt32-state-hackers-target-human-rights-defenders-with-spyware/ Also:

www.amnestyusa.org/wp-content/uploads/2021/02/Click-and-Bait_Vietnamese-Human-Rights-Defenders-Targeted-with-Spyware-Attacks.pdf
